5.4.5.2.2 TLS Fatal Alerts
The CredSSP protocol leverages TLS Alert Messages with the level set to Fatal ([RFC2246] section 7.2, [RFC4346] section 7.2, and [RFC5246] section 7.2) to report error conditions. The alert messages that can be transmitted are summarized in the following table.
|
TLS Alert Code |
Meaning |
|---|---|
|
TLS1_ALERT_UNEXPECTED_MESSAGE 10 |
An inappropriate message was received. |
|
TLS1_ALERT_DECRYPTION_FAILED 21 |
Ciphertext was decrypted in an invalid way: either it was not an even multiple of the block length or its padding values, when checked, were incorrect. |
|
TLS1_ALERT_BAD_CERTIFICATE 42 |
A certificate was corrupt; for example, it contained signatures that did not verify correctly. |
|
TLS1_ALERT_CERTIFICATE_EXPIRED 45 |
A certificate has expired or is not currently valid. |
|
TLS1_ALERT_UNKNOWN_CA 48 |
A valid certificate chain or partial chain was received, but the certificate was not accepted because the certification authority (CA) certificate could not be located or could not be matched with a known, trusted CA. |
|
TLS1_ALERT_ACCESS_DENIED 49 |
A login failure occurred due to invalid credentials. |
|
TLS1_ALERT_INTERNAL_ERROR 80 |
A generic, catch-all error code. |